E.41. Release
9.3.21

This release contains a variety of fixes from 9.3.20. For
information about new features in the 9.3 major release, see
Section E.62.

E.41.1. Migration to Version
9.3.21

A dump/restore is not required for those running 9.3.X.

However, if you are upgrading from a version earlier than
9.3.18, see Section E.44.

E.41.2. Changes

Ensure that all temporary files made by pg_upgrade are non-world-readable
(Tom Lane, Noah Misch)

pg_upgrade normally
restricts its temporary files to be readable and writable
only by the calling user. But the temporary file
containing pg_dumpall -g
output would be group- or world-readable, or even
writable, if the user's umask setting allows. In typical usage
on multi-user machines, the umask and/or the working directory's
permissions would be tight enough to prevent problems;
but there may be people using pg_upgrade in scenarios where this
oversight would permit disclosure of database passwords
to unfriendly eyes. (CVE-2018-1053)

Fix “could not
devise a query plan for the given query”
planner failure for some cases involving nested
UNION ALL inside a lateral
subquery (Tom Lane)

Fix has_sequence_privilege() to support
WITH GRANT OPTION tests, as
other privilege-testing functions do (Joe Conway)

In databases using UTF8 encoding, ignore any XML
declaration that asserts a different encoding (Pavel
Stehule, Noah Misch)

We always store XML strings in the database encoding,
so allowing libxml to act on a declaration of another
encoding gave wrong results. In encodings other than
UTF8, we don't promise to support non-ASCII XML data
anyway, so retain the previous behavior for bug
compatibility. This change affects only xpath() and related functions; other
XML code paths already acted this way.

Up to now, PostgreSQL
servers simply rejected requests to use protocol versions
newer than 3.0, so that there was no functional
difference between the major and minor parts of the
protocol version number. Allow clients to request
versions 3.x without failing, sending back a message
showing that the server only understands 3.0. This makes
no difference at the moment, but back-patching this
change should allow speedier introduction of future minor
protocol upgrades.

These functions are stated to be Oracle® compatible, but they weren't
exactly. In particular, there was a discrepancy in the
interpretation of a negative third parameter: Oracle
thinks that a negative value indicates the last place
where the target substring can begin, whereas our
functions took it as the last place where the target can
end. Also, Oracle throws an error for a zero or negative
fourth parameter, whereas our functions returned
zero.

The sample code has been adjusted to match Oracle's
behavior more precisely. Users who have copied this code
into their applications may wish to update their
copies.

The “tag” portion of an ACL archive
entry was usually just the name of the associated object.
Make it start with the object type instead, bringing ACLs
into line with the convention already used for comment
and security label archive entries. Also, fix the comment
and security label entries for the whole database, if
present, to make their tags start with DATABASE so that they also follow this
convention. This prevents false matches in code that
tries to identify large-object-related entries by seeing
if the tag starts with LARGE
OBJECT. That could have resulted in misclassifying
entries as data rather than schema, with undesirable
results in a schema-only or data-only dump.

Note that this change has user-visible results in the
output of pg_restore
--list.

In ecpg, detect
indicator arrays that do not have the correct length and
report an error (David Rader)

Avoid triggering a libc assertion in contrib/hstore, due to use of
memcpy() with equal source
and destination pointers (Tomas Vondra)

Provide modern examples of how to auto-start Postgres
on macOS (Tom Lane)

The scripts in contrib/start-scripts/osx use
infrastructure that's been deprecated for over a decade,
and which no longer works at all in macOS releases of the
last couple of years. Add a new subdirectory contrib/start-scripts/macos containing
scripts that use the newer launchd infrastructure.

This may allow collection of a core dump for some
early-startup failures that did not produce a dump
before.

On Windows, avoid encoding-conversion-related crashes
when emitting messages very early in postmaster startup
(Takayuki Tsunakawa)

Use our existing Motorola 68K spinlock code on OpenBSD
as well as NetBSD (David Carlier)

Add support for spinlocks on Motorola 88K (David
Carlier)

Update time zone data files to tzdata release 2018c for DST law
changes in Brazil, Sao Tome and Principe, plus historical
corrections for Bolivia, Japan, and South Sudan. The
US/Pacific-New zone has been
removed (it was only an alias for America/Los_Angeles anyway).

Submit correction

If you see anything in the documentation that is not correct, does not match
your experience with the particular feature or requires further clarification,
please use
this form
to report a documentation issue.